I'm using File Picker for handling files for my web application. In my front end app I have the URL to the file's handle (ex. https://www.filepicker.io/api/file/H7KYuWy1S3e1qvG2M66i), but I don't have it's complete inkBlob.
The file is an image and I want to do a convert operation on this file. It seems that I am required to include the mimetype when calling on the convert function.
Taken from File Picker's API documentation on convert, this works:
var inkblob = {
url: 'https://www.filepicker.io/api/file/H7KYuWy1S3e1qvG2M66i',
filename: 'customers.jpg', mimetype: 'image/jpeg',
isWriteable: false, size: 629454
};
var result = document.getElementById("convert-result");
filepicker.convert(inkblob, {width: 200, height: 200},
function(new_InkBlob){
console.log(new_InkBlob.url);
result.src = new_InkBlob.url;
}
);
The same code works with an inkblob like this:
var inkblob = {
url: 'https://www.filepicker.io/api/file/H7KYuWy1S3e1qvG2M66i',
mimetype: 'image/jpeg',
};
However, the convert does not work if you exclude the mimetype and only include the url.
In my situation it requires me to first do a stat call against the filehandle to retrieve the mimetype from File Picker's API, then send the mimetype right back to filepicker when I do the convert command.
Is it possible to make it so the mimetype is omitted and File Picker looks the mimetype up internally if it isn't included in the convert command?
For convert() method, mimetype is just a security check to ensure you pass an image. If you pass 'image/jpeg' even if it's not the correct mimetype for the image, it should work just fine. So no need to stat file every time.
For other people wanting answer to this question, here are some more information we communicated on mail:
The answer they gave on mail:
For convert() method, mimetype is just a security check to ensure you
pass an image. If you pass 'image/jpeg' even if it's not the correct
mimetype for the image, it should work just fine. So no need to stat
file every time.
My answer back:
Hi, and thanks for your answer.
It sounds to me like the inclusion of mimetype when calling on the
convert() function is redundant. You tell me I should be able to
simply pass in a fixed mimetype thus I cannot see how this is a useful
security check. If you want to ensure the convert command is executed
on an image File Picker already knows which mimetype a file has and I
believe this should be handled internally when the convert() command
is executed not trusting client's claim of a mimetype on a file.
I haven't tried this; but what happens if I do a convert command with
mimetype set to 'image/jpeg' on a text file? I guess it will fail
which is another reason for me thinking this mimetype requirement on
convert command is obsolete.
Answer from filepicker:
This is really just basic protection from accidental passing files
other than image to the convert call. I'm aware this can be redundant
for you but it works in 95% of cases and we never had issue with this.
Related
I've got a site that accepts file uploads which are sent as multipart/form-data within a POST request. To verify that the upload, which shows the filename afterwards, is secured against XSS I want to upload a file which contains HTML Tags in the filename.
This is actually harder than I expected. I can't create a file containing < on my filesystem (Windows). Also, I don't know a way to change the filename of the file input element inside the DOM before the upload (which is what I would do with normal/hidden inputs). So I thought about editing the POST body before it's uploaded, but I don't know how. Popular extensions (I recall Tamper Data, Tamper Dev) only let me change headers. I guess this is due to the plugin system of Chrome, which is the Browser I use.
So, what's the simplest way of manipulating the POST requests body? I could craft the entire request using cUrl, but I also need state, lots of additional parameters and session data etc. which gets quite complex... A simple way within the Browser would ne nice.
So, while this is not a perfect solution, it is at least a way to recreate and manipulate the form submit using FormData and fetch. It is not as generic as I'd like it to be, but it works in that case. Just use this code in the devtools to submit the form with the altered filename:
let formElement = document.querySelector('#idForm'); // get the form element
let oldForm = new FormData(formElement);
let newForm = new FormData;
// copy the FormData entry by entry
for (var pair of oldForm.entries()) {
console.log(pair[0]+': '+pair[1]);
if(typeof(pair[1]) == 'object' && pair[1].name) {
// alter the filename if it's a file
newForm.append(pair[0],pair[1],'yourNewFilename.txt');
} else {
newForm.append(pair[0],pair[1]);
}
}
// Log the new FormData
for (var pair of newForm.entries()) {
console.log(pair[0]+': ');
console.log(pair[1]);
}
// Submit it
fetch(formElement.action, {
method: formElement.method,
body: newForm
});
I'd still appreciate other approaches.
Trying to use the remove function after the pick function and file is not being removed. (from here https://www.filepicker.com/documentation/file_ingestion/javascript_api/remove?v=v2)
selectFileMedium: function () {
filepicker.pick({
cropRatio: 24/13,
mimetype: 'image/*',
imageDim: [1440, 780]
}, function (Blob) {
InnerThis.uploadMediumImage(Blob.url, Blob.filename);
filepicker.remove(Blob);
});
}
Am I doing this correct?
Blob object return url property which is unificated url of uploaded file eg:
https://www.filepicker.io/api/file/AQgF2U68SNmJDpDXlOdg
However since v2 dialog version there is crop UI avaliable. If user crop file as a response it return the uploaded file url with appended Rest convert parameters:
https://www.filepicker.io/api/file/AQgF2U68SNmJDpDXlOdg/convert?crop=100,200,200,300
filepicker.remove dose not deal with it. Some temporary workaround would be to strip url from '/convert' part just before remove it. However it should be solved on library side.
I'm building an application that inserts documents into MarkLogic server using the MLPHP library. The problem is when I insert a binary document, for example a PDF. The mime type will not be set properly, therefore the file cannot be opened as it should.
This is the code I use to insert a document:
// initialize REST client
$client = new MLPHP\RESTClient('127.0.0.1', 8010, 'v1', '', 'rest-writer-user', 'writer-pw');
// create new document and load content
$doc = new MLPHP\Document($client);
$doc->setContentType("application/pdf");
$doc->setContentFile("demo.pdf");
$doc->write('pdf_demo');
This is a dump of the $doc object after submitting to the server:
And here we have the inserted document in the search results:
But as expected, the browser cannot handle the file due to the wrong mimetype:
Anyone has got a clue what's going wrong here?
Check to see what the Response Header for content type is.
You Might have to set the format URL Parameter to binary. You can read the full documentation at http://docs.marklogic.com/REST/GET/v1/documents
here is what the request would look like
http://localhost:8010/v1/documents?uri=/pdf_demo.pdf&format=binary
I want to save all png images that are loaded along with some webpage into a separate folder.
I am using below code with in Fiddler Script [CustomRules.js].
static function OnBeforeResponse(oSession: Session)
{
if(oSession.url.EndsWith(".png"))
{
oSession.SaveResponseBody();
}
//Actual content of OnBeforeResponse function.
}
Problem here is, I was unable to find any image got saved within Program files/Documents.
Where do “SaveResponseBody()” will save the HTTP Response Body?
Can we give our own custom folder?
My Fiddler version is (v4.4.5.6)
The default SaveResponseBody() method saves the files to your \Documents\Fiddler2\Captures\ folder. If you want to use a different name, use the overload that accepts a filename. You should check the Response's status code is 200 to ensure that you're not trying to save off HTTP/304 responses which won't contain a body. Also, rather than looking at the URL, you probably want to check the response's type.
So you end up with something like this:
if ((oSession.responseCode == 200) &&
oSession.oResponse.headers.ExistsAndContains("Content-Type", "image/png"))
{
SaveResponseBody("C:\\temp\\" + oSession.SuggestedFilename);
}
Note: The manual way of doing this would be to go to the QuickExec box below the Web Sessions list, type select png and hit Enter, then click File > Export > Selected Sessions > Raw Files.
My task is to display the supported document types on an iPhone with OS 3.x, such as .pdf, .rtf, .doc, .ppt, .png, .tiff etc.
Now, I have stored these files only encrypted on disk. For security reasons, I want to avoid storing them unencrypted on disk.
Hence, I prefer to use loadData:MIMEType:textEncodingName:baseURL: instead of loadRequest: to display the document because loadData allows me to pass the content in a NSData object, i.e. I can decrypt the file in memory and have no need to store it on disk, as it would be required when using loadRequest.
The problem is that loadData does not appear to work with all file types:
Testing shows that all picture types seem to work fine, as well as PDFs, while the more complex types don't. I get a errors such as:
NSURLErrorDomain Code=100
NSURLErrorDomain Code=102
WebView appears to need a truly working URL for accessing the documents as a file, despite me offering all content via the NSData object already.
Here's the code I use to display the content:
[webView loadData:data MIMEType:type textEncodingName:#"utf-8" baseURL:nil];
The mime-type is properly set, e.g. to "application/msword" for .doc files.
Does anyone know how I could get loadData to work with all types that loadRequest supports? Or, alternatively, is there some way I can tell which types do work for sure (i.e. officially sanctioned by Apple) with loadData? Then I can work twofold, creating a temp unencrypted file only for those cases that loadData won't like.
Update
Looks like I'm not the first one running into this. See here:
http://osdir.com/ml/iPhoneSDKDevelopment/2010-03/msg00216.html
So, I guess, that's the status quo, and nothing I can do about it.
Someone suggested a work-around which might work, though:
http://osdir.com/ml/iPhoneSDKDevelopment/2010-03/msg00219.html
Basically, the idea is to provide a tiny http server that serves the file (from memory in my case), and then use loadRequest. This is probably a bit more memory-intensive, though, as both the server and the webview will probably both hold the entire contents in memory as two copies then, as opposed to using loadData, where both would rather share the same data object. (Mind you, I'll have to hold the decrypted data in memory, that's the whole point here).
I experienced a very similar issue (i get my files from a server however) and saw your post and thought it was a dead end and then just by chance started to experiment on the device (iPad, in this instance) and it worked when i gave the baseURL as what i used to get it from the server and it worked but does not work on the simulator. I would try that, otherwise I would submit a bug report to Apple.
Here is solution via NSURLProtocol:
class CoreDataFileURLProtocol : NSURLProtocol {
var connection: NSURLConnection!
override class func canInitWithRequest(request: NSURLRequest) -> Bool {
return (request.URL.scheme == "coredatafile")
}
override class func canonicalRequestForRequest(request: NSURLRequest) -> NSURLRequest {
return request
}
override func startLoading() {
if let file_id = self.request.URL.absoluteString?.lastPathComponent {
if let file = SAFile.MR_findFirstByAttribute("file_id", withValue: file_id) as? SAFile {
let response = NSURLResponse(URL: request.URL, MIMEType: file.mime, expectedContentLength: Int(file.filesize), textEncodingName: "utf-8")
client?.URLProtocol(self, didReceiveResponse: response, cacheStoragePolicy: .NotAllowed)
client?.URLProtocol(self, didLoadData: file.data)
client?.URLProtocolDidFinishLoading(self)
}
}
}
override func stopLoading() {
}
}
Now you need only register class:
NSURLProtocol.registerClass(CoreDataFileURLProtocol.self)
And create a request with file_id:
let url = NSURL(scheme: "coredatafile", host: "myapp.com", path: "/\(file.file_id)")
webView.loadRequest(NSURLRequest(URL: url!))